Skip to content

Merge changes from the internal pipeline #236

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
radical merged 3 commits into from
Jan 13, 2026
Merged

Merge changes from the internal pipeline #236

radical merged 3 commits into from
Jan 13, 2026

Conversation

@radical
Copy link
Member

@radical radical commented Jan 13, 2026

Merge commit from dnc

AICoder (with AICoder via MerlinBot) and others added 3 commits January 7, 2026 03:32
Onboard pipeline to network isolation policy CFSClean2 using CAT tool
1b94631 
<|stateEncoding|>eyJUcmFuc2Zvcm1hdGlvbklkIjoiODI4MDBhODQtNjg4Yy00NDcyLWJiN2QtZjRkMzkzZGQyZTUyIiwiVHJhbnNmb3JtYXRpb25NZXNzYWdlIjoiIiwiU2NlbmFyaW9JZCI6IjYwZDE4YzA4LWYwNjgtNDcwMC1hZDZkLWI2Y2NiYTg1MDQxZCIsIlNjZW5hcmlvUnVuSWQiOiI2MGQxOGMwOC1mMDY4LTQ3MDAtYWQ2ZC1iNmNjYmE4NTA0MWRfYTQ2OThlMTItZjBjNy00NTEwLTgzZGMtZDM4ZGRkNDhkZTQ0IiwiU2NlbmFyaW9WZXJzaW9uIjoiMS4wLjAuMCIsIktwaUlkIjoiMGYyNzI5MWMtYmM1Mi00OWZhLWE5NzgtN2I0YTljMzYyMTA3IiwiS3BpQWN0aW9uSXRlbUlkIjoiNzE4NGU3YTQtY2JmNC00YjQ2LWJhMDctMDk2M2RmYzAxYTM2OjcyMDE5M2JkZDllMjRjOGRlNjMyYWJlODRhMGI2MDBkZmI1ZTVhMzA2YjFmY2E4YmM1NWM5YzIxYTA3MWM4ZDUiLCJUYXJnZXRJZCI6IjcxODRlN2E0LWNiZjQtNGI0Ni1iYTA3LTA5NjNkZmMwMWEzNiIsIlRhcmdldFR5cGUiOiJTZXJ2aWNlIiwiVHJhbnNmb3JtZXJOYW1lIjoiQUlDb2RlclRyYW5zZm9ybWVyIiwiVHJhbnNmb3JtYXRpb25TdGFydFRpbWUiOiIyMDI2LTAxLTA3VDAzOjE5OjQ5LjM2NTg3OTdaIiwiU3RhZ2VUb1J1biI6MSwiRmlsZXMiOltdLCJTdGFnZXMiOlt7Ik9yZGVyIjoxLCJBY3Rpb24iOiJBSUNvZGVyVHJhbnNmb3JtZXIiLCJTdGF0dXMiOiJJblByb2dyZXNzIiwiRXJyb3JNZXNzYWdlIjpudWxsLCJBY3Rpb25Db25maWdzIjp7IkFnZW50SWQiOiJPbmVFU05ldHdvcmtJc29sYXRpb24iLCJBZ2VudElkUHJldiI6Ik9uZUVTTmV0d29ya0lzb2xhdGlvbiIsIlJlcXVlc3RlZEJ5IjoiYW5raiIsIlBpcGVsaW5lTmFtZSI6ImF6dXJlLXBpcGVsaW5lcy55bWwiLCJBZG9PcmciOiJkbmNlbmciLCJBZG9Qcm9qZWN0IjoiaW50ZXJuYWwiLCJBZG9SZXBvTmFtZSI6ImRvdG5ldC1zb3VyY2UtaW5kZXhlciIsIlRhcmdldFBvbGljeSI6IkNGU0NsZWFuMiJ9LCJWYXJpYWJsZXMiOlt7Ik5hbWUiOiJBSUNvZGVyVHJhbnNmb3JtZXIuQWRvT3JnIiwiVmFsdWVMb2NhdGlvbiI6ImFkb09yZyIsIlNvdXJjZSI6IktwaURhdGEiLCJUcmlnZ2VycyI6WyJPbkRlbWFuZCJdLCJWYWxpZGF0aW9uUmVnZXgiOm51bGwsIkNvbFZhbGlkYXRpb25SZWdleCI6bnVsbCwiUmVxdWlyZWQiOnRydWUsIklzQWdncmVnYXRlIjpmYWxzZX0seyJOYW1lIjoiQUlDb2RlclRyYW5zZm9ybWVyLkFkb1Byb2plY3QiLCJWYWx1ZUxvY2F0aW9uIjoiYWRvUHJvamVjdCIsIlNvdXJjZSI6IktwaURhdGEiLCJUcmlnZ2VycyI6WyJPbkRlbWFuZCJdLCJWYWxpZGF0aW9uUmVnZXgiOm51bGwsIkNvbFZhbGlkYXRpb25SZWdleCI6bnVsbCwiUmVxdWlyZWQiOnRydWUsIklzQWdncmVnYXRlIjpmYWxzZX0seyJOYW1lIjoiQUlDb2RlclRyYW5zZm9ybWVyLkFkb1JlcG9OYW1lIiwiVmFsdWVMb2NhdGlvbiI6InJlcG9OYW1lIiwiU291cmNlIjoiS3BpRGF0YSIsIlRyaWdnZXJzIjpbIk9uRGVtYW5kIl0sIlZhbGlkYXRpb25SZWdleCI6bnVsbCwiQ29sVmFsaWRhdGlvblJlZ2V4IjpudWxsLCJSZXF1aXJlZCI6dHJ1ZSwiSXNBZ2dyZWdhdGUiOmZhbHNlfSx7Ik5hbWUiOiJBSUNvZGVyVHJhbnNmb3JtZXIuUGlwZWxpbmVOYW1lIiwiVmFsdWVMb2NhdGlvbiI6InBpcGVsaW5lWWFtbE5hbWUiLCJTb3VyY2UiOiJVSSIsIlRyaWdnZXJzIjpbIk9uRGVtYW5kIl0sIlZhbGlkYXRpb25SZWdleCI6Il4uKlxcLih5bWx8eWFtbCkkIiwiQ29sVmFsaWRhdGlvblJlZ2V4IjpudWxsLCJSZXF1aXJlZCI6dHJ1ZSwiSXNBZ2dyZWdhdGUiOmZhbHNlfSx7Ik5hbWUiOiJBSUNvZGVyVHJhbnNmb3JtZXIuVGFyZ2V0UG9saWN5IiwiVmFsdWVMb2NhdGlvbiI6InZpb2xhdGlvblR5cGVzIiwiU291cmNlIjoiS3BpRGF0YSIsIlRyaWdnZXJzIjpbIk9uRGVtYW5kIl0sIlZhbGlkYXRpb25SZWdleCI6bnVsbCwiQ29sVmFsaWRhdGlvblJlZ2V4IjpudWxsLCJSZXF1aXJlZCI6dHJ1ZSwiSXNBZ2dyZWdhdGUiOmZhbHNlfV19LHsiT3JkZXIiOjIsIkFjdGlvbiI6IkFjdGlvbmVyIiwiU3RhdHVzIjoiTm90U3RhcnRlZCIsIkVycm9yTWVzc2FnZSI6bnVsbCwiQWN0aW9uQ29uZmlncyI6eyJBY3Rpb24iOiJVcGRhdGVQdWxsUmVxdWVzdCIsIlBSVGl0bGUiOiJFbmFibGUgbmV0d29yayBpc29sYXRpb24gcG9saWN5IENGU0NsZWFuIiwiQWN0aW9uUHJldiI6IlVwZGF0ZVB1bGxSZXF1ZXN0IiwiUFJUaXRsZVByZXYiOiJFbmFibGUgbmV0d29yayBpc29sYXRpb24gcG9saWN5IENGU0NsZWFuIiwiUmVxdWVzdGVkQnkiOiJhbmtqIiwiQWRvT3JnIjoiZG5jZW5nIiwiQWRvUHJvamVjdCI6ImludGVybmFsIiwiQWRvUmVwb05hbWUiOiJkb3RuZXQtc291cmNlLWluZGV4ZXIifSwiVmFyaWFibGVzIjpbXX1dLCJSZXBvSW5mbyI6eyJSZXBvSWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJEZWZhdWx0QnJhbmNoIjpudWxsLCJhZG9PcmciOiJkbmNlbmciLCJhZG9Qcm9qZWN0IjoiaW50ZXJuYWwiLCJyZXBvTmFtZSI6ImRvdG5ldC1zb3VyY2UtaW5kZXhlciJ9LCJTb3VyY2VCcmFuY2giOiIiLCJSZW1vdGVCcmFuY2hVcmkiOm51bGwsIk1ldGFkYXRhIjpudWxsfQ==<|stateEncoding|>

Co-authored-by: AICoder via MerlinBot <aicoder@microsoft.com>
Co-authored-by: AICoder <aicoder@microsoft.com>
Merged PR 56379: [AI-Generated][Breeze][[SFI-ES4.2.4] Network Isolati…
89a800b 
…on for CFS endpoints] Enable network isolation policy CFSClean

⚠️ **This PR contains AI-generated code, you must review and validate the changes before merging.**

Scenario Name: Use Network Isolation Policy CFSClean
Service 360 KPI: [[SFI-ES4.2.4] Network Isolation for CFS endpoints](https://vnext.s360.msftcloudes.com/kpidirectory?selectedTab=allKPIDirectory&actionItemId=0f27291c-bc52-49fa-a978-7b4a9c362107)
Transformation Engine: [AICoder](https://aka.ms/aicoder)
Trigger: Requested by ankj

Powered by Breeze

## **PLEASE READ BEFORE GENERATING SOLUTION!** The following automation solution will kick-off an agent that will automatically onboard your pipeline to the network isolation policy "CFSClean". When you click "Generate Solution", you will be prompted to enter the name of your pipeline definition. *This is the name of your pipelines yaml file, e.g. MyPipeline.yml*. You can find the name of your pipeline by clicking the link in the "Pipeline" column. For more information, please visit our TSG.

---

# Network Isolation - CFSClean* Onboarding for ES4.2.4 (READ BEFORE MERGING)

This pull request has been automatically generated to help resolve your ES4.2.4 SFI item. This pull request changes the network isolation policy of your pipeline to block the endpoints listed [here](https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-build/cloudbuild/resolving-cfs-s360-items). This will ensure that your pipeline is fetching packages using CFS, not a public package registry. As stated in our [documentation](https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-build/cloudbuild/resolving-cfs-s360-items), once your pipeline is onboarded to this policy and has made at least three clean runs for 7 consecutive days, the SFI item will automatically be resolved.

**Before you merge this pull request, please follow our [documentation](https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-build/cloudbuild/resolving-cfs-s360-items) to ensure that your repo and pipeline are properly configured.** Once this PR is merged, it will block connections to many different endpoints. If your pipeline explicitly relies on these connections, it will **fail**.

## Review Notes

Since this PR is AI-Generated, we kindly ask that you review the changes carefully to ensure:
- The YAML format is preserved.
- No existing functionality is missing / broken.
- The network isolation policies are [correctly configured](https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-build/cloudbuild/security/1espt-network-isolation#how-can-i-specify-the-policy-i-want-my-pipeline-to-use).

To verify that your pipeline is running under the network isolation policy CFSClean*, please use our [quick guide](https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-build/cloudbuild/security/1espt-network-isolation#what-policies-are-being-used-by-my-pipeline).

For questions or concerns, please reach out to netiso@microsoft.com.

<!-- GitOpsUserAgent=Git...
@radical
Merge remote-tracking branch 'origin/main' into gh-main
c7d108c
@radical radical changed the title Onboard pipeline to network isolation policy CFSClean2 using CAT tool Merge changes from the internal pipeline Jan 13, 2026
@radical radical requested review from ericstj and joperezr January 13, 2026 16:18
joperezr
joperezr reviewed Jan 13, 2026
View reviewed changes
azure-pipelines.yml
extends:
template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
parameters:
settings:
Copy link
Member

@joperezr joperezr Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like this is the only actual change which seems ok. Any idea why the diff shows all the other lines as touched?

Copy link
Member Author

@radical radical Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

line-endings :/

@radical radical merged commit 621f804 into dotnet:main Jan 13, 2026
2 checks passed
@radical radical deleted the merge-dnc branch January 13, 2026 17:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@joperezr joperezr joperezr approved these changes

@ericstj ericstj Awaiting requested review from ericstj

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@radical @joperezr